oliverhi / zfs-homeserver Goto Github PK

Hey i saw your comment about TODO check user existence,
since i took inspiration of your role for my own custom role, here is what i've done to check for existing smb users:

in my main.yml role:

- name: Manage Samba Users
  include_tasks: "smbusers.yml"
  loop: "{{smb_users}}"

and then a file "smbusers.yml":

- name: Check existence of smb user {{item.name}}
  ansible.builtin.command: "pdbedit -u {{item.name}}"
  register: userstat
  failed_when: "userstat.rc not in [ 0, 255 ]"
  changed_when: false

- name: Create samba user {{item.name}}
  shell: "(echo {{ item['smbpasswd'] }}; echo {{ item['smbpasswd'] }}) | smbpasswd -s -a {{ item['name'] }}"
  when: userstat.rc == 255

- name: Enable samba user {{item.name}}
  shell: "smbpasswd -e {{ item['name'] }}"
  when: userstat.rc == 0

The workaround with the include_tasks is that currently ansible is not capable of looping in a block. (Or not that i'm aware of).
Maybe you can use my Code Snippet.

Either way thanks for your work!

When calling 'restart smbd' can it be that you forgot to define a handler in 'setupSambaTask.yml' ?

example:

handlers:
- name: restart smbd
ansible.builtin.service:
name: smbd
state: restarted

Still learning about anisble and such, could be wrong!
In any case, thanks for your blogpost - I learned a bunch already!

As far as I understand - your server does not make ZFS encrypted partitions? It seems to me very important to have encrypted partitions that could be started when booting by entering a password (or a file from a flash drive, but it seems to me it is more difficult to do this, although I have such a solution for LUKS / LVM + ext4 on Raspberry Pi 4, but not for your project).

Why do this?

A simple theft of a home, when thieves take away a home server and sell it for spare parts with uncrypted sections, will jeopardize all personal data on it. If the partitions are protected at least by a password that is specified at the time of loading (or even better - when we insert a flash drive before turning on, on which there is a key file - then you do not need to enter a password at all) - we will reliably protect the data at least from the banal theft of the device.

What do you think about this? Can this be implemented with your scripts?